1. Overview of Cyber Attacks

• Cyber attacks are deliberate actions aimed at disrupting, damaging, or exploiting networks and systems.
• Main attack categories:
  • Scanning Attacks
  • Denial-of-Service (DoS) Attacks
  • Penetration Attacks
  • Other Attacks (SQL Injection, MITM, Phishing)

2. Scanning Attacks

• Definition: Probing networks to find vulnerabilities for exploitation.
• Common Types:

1. Port Scanning: Identifying open ports using tools like Nmap, Netcat.
2. Vulnerability Scanning: Searching for security weaknesses using Nessus, OpenVAS.
3. Network Mapping: Mapping active devices in a network using Traceroute, Netdiscover.

• Detection: IDS/IPS systems, anomaly detection, and log monitoring.

3. Denial-of-Service (DoS) Attacks

• Goal: Overload systems to prevent access.
• Types:

1. Flooding DoS: Overwhelming systems with requests (e.g., SYN Flood, UDP Flood, ICMP Flood).
2. Application Layer DoS: Exploiting application resources (HTTP Flood, DNS Amplification).
3. Distributed DoS (DDoS): Large-scale attack using botnets.

• Detection & Mitigation: Firewalls, traffic analysis, rate limiting, Web Application Firewalls (WAFs).

4. Penetration Attacks

• Definition: Gaining unauthorized access by exploiting vulnerabilities.
• Common Methods:

1. Network Penetration: Exploiting misconfigurations in networks (Metasploit, Netcat).
2. Web Application Penetration: Attacking websites via SQL Injection, XSS, CSRF (Burp Suite, OWASP ZAP).
3. Social Engineering: Manipulating people to reveal confidential data (Phishing, Pretexting, Baiting).

• Mitigation: Secure coding, proper firewall settings, penetration testing.

5. Other Notable Attacks

1. SQL Injection: Exploiting database vulnerabilities for unauthorized access.
2. Man-in-the-Middle (MITM): Intercepting and altering communication between parties.
3. Privilege Escalation: Gaining higher permissions on a system.

6. Prevention & Detection Strategies

• Prevention:
  • Network segmentation & firewalls.
  • Regular updates & patching.
  • Strong authentication and encryption.
• Detection:
  • IDS/IPS monitoring.
  • Anomaly detection.
  • Log analysis tools.

7. Attack Detection Tools

• Snort: Network-based IDS for scanning and DDoS detection.
• Wireshark: Packet analyzer for inspecting network traffic.
• Nessus: Vulnerability scanner for system security assessments.

8. Case Studies

• 2014 GitHub DDoS Attack: Used DNS reflection to amplify traffic.
• 2009 Heartland Payment Systems SQL Injection: Led to the breach of 100M+ cardholder records.